Encryption: The key to security?

Since the devastating Paris attacks a few weeks ago, talk has revolved around the need (or not) to encrypt data.

Questions about how the terrorists managed to evade electronic surveillance during the Paris attacks have fuelled speculation between intelligence authorities as to how they communicated. Shortly after the attack the Times reported the attackers coordinated their assault via unspecified encryption technology. It was stated within the article that: “it was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption.”

But what is encryption? Encrypting data is when information or data is converted into a code which is used to prevent unauthorised access. Arguably, it is the most effective way to achieve data security as to read a file that is encrypted requires a secret key or password that enables you to decrypt it. Encryption keys are designed with algorithms intended to ensure that every key is unpredictable and unique. The longer the key built in this manner, the harder it is to crack the encryption code. An encryption key is used to encrypt, decrypt, or carry out both functions, based on the sort of encryption software used

On the surface you would think that encryption is necessary, especially in terms of maintaining privacy and preserving security. However, this gives rise once again to the question: what is more important? Privacy or security?

Many politicians are under the belief that encryption should be weakened in order to aid police and intelligence services catch cyber criminals. The ITIC (Information Technology Industry Council), which Google, Microsoft, Facebook and Apple and many other leading technology companies are part of, state that “weakening encryption in a bid to help the ‘good guys’ would be a mistake.” Doing so “would actually create vulnerabilities to be exploited by the bad guys.” It seems paradoxical that weakening security would, in fact, strengthen security.

Moreover, in light of an older generation smartphone being found at the Bataclan theatre and being used by authorities to track down and eliminate a second terrorist mobile phone, renewed arguments call it foolhardy not to offer the police some method of accessing a smartphone to help save lives or solve a case.

There are others who are demanding ‘encryption backdoors,’ which would allow law enforcement agencies to have their own keys to decode private and strongly encrypted communications.  Though, again, this idea proves to be subject of debate. These keys would be obtained whenever the government decided and would put the security of any encrypted communication at risk if any of these keys were compromised.

“If secure encryption is outlawed, only outlaws will have secure encryption.”

Certainly, if there was a backdoor, it would not just be used by the ‘good guys.’ Finding any point of entry is what hackers are all about. Their central premise is to find a door and enter it and it doesn’t matter where that door is.